27a326dafb
As of grub2 >= 2.02-95 on redhat family distros, calling grub2-install on an EFI partition will fail with: "this utility cannot be used for EFI platforms because it does not support UEFI Secure Boot." This version of grub is now in centos8-stream and non-eus repos of RHEL-8. It is not currently possible to build whole-disk UEFI images on these distros, and when this package is promoted this will also affect centos8 and RHEL-8 eus. The grub maintainers made this change because the grub2-install generated /boot/efi/EFI/BOOT/BOOTX64.EFI will never be capable of booting with Secure Boot. This change defines a $EFI_BOOT_DIR for every distro element. When directory /boot/efi/$EFI_BOOT_DIR exists a grub.cfg file in will be generated there. This change also installs the shim package on redhat family distros, which installs a copy of the shim bootloader to /boot/efi/EFI/BOOT/BOOTX64.EFI. Using centos as an example, this allows UEFI to boot the shim /boot/efi/EFI/BOOT/BOOTX64.EFI which then chains to /boot/efi/EFI/centos/grubx64.efi. If /boot/efi/$EFI_BOOT_DIR doesn't exist (such as for Ubuntu, /boot/efi/EFI/ubuntu) the current behaviour of running grub-install to generate /boot/efi/EFI/BOOT/BOOTX64.EFI will continue. For distros such as Ubutnu where packaging does not populate /boot/efi/EFI/ubuntu with .efi files, secure boot can be added in the future by copying .efi files to /boot/efi/EFI/ubuntu and copying the shim file to /boot/efi/EFI/BOOT/BOOTX64.EFI. Change-Id: I90925218ff2aa4c4daffcf86e686b6d98d6b0f21 |
||
---|---|---|
.. | ||
environment.d | ||
root.d | ||
test-elements | ||
element-deps | ||
element-provides | ||
package-installs.yaml | ||
README.rst |
============== debian-minimal ============== The ``debian-minimal`` element uses debootstrap for generating a minimal image. By default this element creates the latest stable release. The exact setting can be found in the element's ``environment.d`` directory in the variable ``DIB_RELEASE``. If a different release of Debian should be created, the variable ``DIB_RELEASE`` can be set appropriately. Note that this element installs ``systemd-sysv`` as the init system The element obeys the ``DIB_DISTRIBUTION_MIRROR`` argument for mirroring (see ``debootsrap`` element documentation). However, the security repositories are separate for Debian, so we can not assume they exist at ``DIB_DISTRIBUTION_MIRROR``. If you do not wish to use the upstream repository (from ``security.debian.org``) override it with ``DIB_DEBIAN_SECURITY_MIRROR``. The security suite name's subpath can also be overridden to something other than ``/updates`` with the ``DIB_DEBIAN_SECURITY_SUBPATH`` variable. .. element_deps::